PHPackages marick/laravel-google-cloud-iap - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. marick/laravel-google-cloud-iap ActiveLibrary[Authentication & Authorization](/categories/authentication) marick/laravel-google-cloud-iap =============================== 1.0.0(1mo ago)135MITPHPCI passing Since Apr 14Pushed 1mo agoCompare [ Source](https://github.com/marickvantuil/laravel-google-cloud-iap)[ Packagist](https://packagist.org/packages/marick/laravel-google-cloud-iap)[ GitHub Sponsors](https://github.com/marickvantuil)[ RSS](/packages/marick-laravel-google-cloud-iap/feed)WikiDiscussions main Synced 1w ago READMEChangelog (8)Dependencies (7)Versions (10)Used By (0) Companion packages: [Cloud Logging](https://github.com/marickvantuil/laravel-google-cloud-logging), [Cloud Scheduler](https://github.com/stackkit/laravel-google-cloud-scheduler), [Cloud Tasks](https://github.com/stackkit/laravel-google-cloud-tasks-queue) [![Run tests](https://github.com/marickvantuil/laravel-google-cloud-iap/actions/workflows/run-tests.yml/badge.svg)](https://github.com/marickvantuil/laravel-google-cloud-iap/actions/workflows/run-tests.yml)[![Latest Stable Version](https://camo.githubusercontent.com/7a2d095850dca8a92fee5aab6896f54b364cb98d9281173b1ca9b87ca12bbaff/68747470733a2f2f706f7365722e707567782e6f72672f6d617269636b2f6c61726176656c2d676f6f676c652d636c6f75642d6961702f762f737461626c652e737667)](https://packagist.org/packages/marick/laravel-google-cloud-iap)[![Downloads](https://camo.githubusercontent.com/517a3cfbeaf85bb1f676be8bf86b6f356a493ec8597924001ae1ed5d69947c02/68747470733a2f2f706f7365722e707567782e6f72672f6d617269636b2f6c61726176656c2d676f6f676c652d636c6f75642d6961702f646f776e6c6f6164732e737667)](https://packagist.org/packages/marick/laravel-google-cloud-iap) Introduction ============ [](#introduction) This package integrates [Google Cloud Identity-Aware Proxy (IAP)](https://cloud.google.com/iap) with Laravel's authentication system. When IAP is enabled on a Cloud Run service or App Engine application, Google intercepts every request and requires the user to authenticate with their Google account. Authenticated requests are forwarded to your app with a signed JWT header (`X-Goog-IAP-JWT-Assertion`) containing the user's identity. This package verifies that JWT and exposes the user via `Auth::user()`, so you can access the logged-in user anywhere in your Laravel application without building your own login system. This package requires Laravel 12 or 13. > **Note:** If your app uses database sessions, the `user_id` column in the `sessions` table must be a `varchar` instead of the default `bigint`, as IAP user identifiers are strings. Run a migration to change the column type before using this package. Installation ============ [](#installation) Install the package with Composer: ``` composer require marick/laravel-google-cloud-iap ``` Register the `iap` guard in `config/auth.php`: ``` 'guards' => [ 'iap' => [ 'driver' => 'iap', ], ], ``` Set it as your default guard, or use it explicitly per route: ``` // Set as default 'defaults' => [ 'guard' => 'iap', ], ``` How to ====== [](#how-to) Access the authenticated user ----------------------------- [](#access-the-authenticated-user) ``` use Illuminate\Support\Facades\Auth; Auth::user()->email; // john@company.com Auth::user()->sub; // accounts.google.com:123456789 Auth::user()->domain; // company.com Auth::check(); // true when the IAP header is present and valid Auth::guest(); // true when unauthenticated Auth::id(); // returns the sub claim ``` The user is an `IapUser` value object — it has no database backing. Google manages your users; this package just reads what IAP tells you. Protect routes -------------- [](#protect-routes) Use the `iap` middleware alias instead of `auth`. This is necessary because IAP has no login page to redirect to — unauthenticated requests return a `401` response instead. ``` Route::middleware('iap:iap')->group(function () { Route::get('/dashboard', DashboardController::class); }); ``` The `iap` alias is registered automatically by the package's service provider. Restrict by domain or email --------------------------- [](#restrict-by-domain-or-email) Pass allowed domains or email addresses after the guard name. Users that match none of them receive a `403` response. ``` // Single domain Route::middleware('iap:iap,company.com')->group(function () { Route::get('/dashboard', DashboardController::class); }); // Multiple domains Route::middleware('iap:iap,company.com,partner.com')->group(function () { Route::get('/dashboard', DashboardController::class); }); // Specific email Route::middleware('iap:iap,john@company.com')->group(function () { Route::get('/dashboard', DashboardController::class); }); // Mixed domains and emails Route::middleware('iap:iap,company.com,john@partner.com')->group(function () { Route::get('/dashboard', DashboardController::class); }); ``` Blade directives ---------------- [](#blade-directives) ``` @iapauth Hello, {{ Auth::user()->email }}! @endiapauth @iapauth('company.com') You are from company.com. @endiapauth @iapauth('john@company.com') Hello, John! @endiapauth @iapauth('company.com', 'john@partner.com') You are from an allowed domain or a specific user. @endiapauth @iapguest You are not logged in. @endiapguest ``` Validate the audience claim --------------------------- [](#validate-the-audience-claim) IAP signs JWTs with an audience claim (`aud`) specific to your backend service. Validating it prevents tokens issued for one service from being accepted by another. Set it via the environment: ``` IAP_AUDIENCE=/projects/123456789/global/backendServices/456789123 ``` For App Engine the format is `/projects/PROJECT_NUMBER/apps/PROJECT_ID`. Leave it unset to skip audience validation (fine for single-service setups). Testing ======= [](#testing) Act as a user ------------- [](#act-as-a-user) ``` use Marick\LaravelGoogleCloudIap\CloudIAP; CloudIAP::actingAs('john@company.com'); $this->assertTrue(Auth::check()); $this->assertSame('john@company.com', Auth::user()->email); $this->assertSame('company.com', Auth::user()->domain); ``` Provide a custom `sub` if your tests need a specific identifier: ``` CloudIAP::actingAs('john@company.com', 'accounts.google.com:12345'); ``` Test unauthenticated behaviour ------------------------------ [](#test-unauthenticated-behaviour) ``` CloudIAP::fake(); $this->assertNull(Auth::user()); $this->assertTrue(Auth::guest()); ``` `fake()` also ensures that any `X-Goog-IAP-JWT-Assertion` header present during a test is ignored — no HTTP calls are made to Google's certificate endpoint. ### Health Score 38 — LowBetter than 83% of packages Maintenance89 Actively maintained with recent releases Popularity9 Limited adoption so far Community6 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 9 Last Release 55d ago Major Versions 0.0.8 → 1.0.02026-04-15 ### Community Maintainers ![](https://www.gravatar.com/avatar/a7bb0c8615315147d44be10ad68e07267ad27b6ef74bdca5a566f5a4e443045e?d=identicon)[Marick](/maintainers/Marick) --- Top Contributors [![marickvantuil](https://avatars.githubusercontent.com/u/647007?v=4)](https://github.com/marickvantuil "marickvantuil (18 commits)") ### Code Quality Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/marick-laravel-google-cloud-iap/health.svg) ``` [![Health](https://phpackages.com/badges/marick-laravel-google-cloud-iap/health.svg)](https://phpackages.com/packages/marick-laravel-google-cloud-iap) ``` ### Alternatives [google/cloud Google Cloud Client Library 1.2k16.5M56](/packages/google-cloud)[google/cloud-core Google Cloud PHP shared dependency, providing functionality useful to all components. 343128.8M101](/packages/google-cloud-core)[google/gax Google API Core for PHP 268111.6M515](/packages/google-gax)[googleads/googleads-php-lib Google Ad Manager SOAP API Client Library for PHP 68310.4M25](/packages/googleads-googleads-php-lib)[googleads/google-ads-php Google Ads API client for PHP 3478.1M11](/packages/googleads-google-ads-php)[imdhemy/google-play-billing Google Play Billing 491.4M5](/packages/imdhemy-google-play-billing) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)